LXC containers as VMs for ISPConfig 3 - First steps & quick start.

These steps work well on a Debian Lenny 5.0 container.
After logging into the container for the first time:

1. Type passwd and enter your new UNIX password.

2. Configure locales:
dpkg-reconfigure locales
Select your language from the long list. NOTE: Should be in utf8 format and the default for the container.
Clear out your locales cache:
apt-get install localepurge
Then run
localepurge

3. Configure local time. VERY IMPORTANT if you want to avoid problems with syncing timestamped files later (yikes!). Do this:
dpkg-reconfigure tzdata
and select the correct timezone. Then run this:
diff -s /etc/localtime /usr/share/zoneinfo/`cat /etc/timezone`
These should be the same, and when you "poweroff" from the console you should see local time being correctly reported.

4. apt-get install vim-nox

5. Get a decent set of sources from here: http://debgen.simplylinux.ch/ - include "main", "security" and "volatile" repos.
vi /etc/apt/sources.list
Paste your new sources in and save.
apt-get update
apt-get upgrade

6. vi /etc/network/interfaces and set up a static IP for the container as you normally would.
/etc/init.d/networking restart
Check the output of ifconfig - your network should reflect your changes.

7. vi /etc/hosts - write out the hosts file as you normally would - note that this will be a new file since the default container doesn't have a hosts file.
echo hostname.example.tld > /etc/hostname
/etc/init.d/hostname.sh start
The output of hostname and hostname -f should now be hostname.example.tld

-----------------------
You should be good to go now with installing a base system for use in a multiserver setup although the master server (with quota installed) will still have to reside on the host server/physical machine unless you customize your fstab in the container.
-----------------------
Regards.

I was getting rkhunter warnings about the absence of /lib/modules directory in a LXC running Debian 5.0 Lenny so with a bit of skulduggery I simply created the directory /lib/modules.

Later when I started running Debian Sid (testing) containers the rkhunter warning went further to complain that /lib/modules was "either missing or empty" so I put a dummy-file in there and all is good for now.

vi /lib/modules
## This is a dummy file located /lib/modules in a LXC

I have found it better to deal with rkhunter on a fresh install of ISPConfig3 (or any system where it is installed) as follows:

3. Deal with any warnings as you will.
For example:
vi /etc/rkhunter.conf
Change
ALLOW_SSH_ROOT_USER=no (line 199)
to
ALLOW_SSH_ROOT_USER=yes
:x

4. Run a check again to make sure all spurious warnings have been dealt with.

5. When you are happy that all is well (and only then!) you can run a system wide acceptance of the changes you have made.
rkhunter --propupdate

6. You will still get warnings in the future about possible compromise. For example if I reconfigure debconf and decide to go with readline instead of dialogue inside a LXC, rkhunter will log the change and this is a good thing.

Is there any special reason why you use lxc and not openvz? I checked lxc a few months ago and as far as I have seen, lxc has no quota support yet and no advanced vm limits. LXC seemed not to be mature enough for a real deployment so I use openvz as container system on my servers and it works great.

Later when I started running Debian Sid (testing) containers the rkhunter warning went further to complain that /lib/modules was "either missing or empty" so I put a dummy-file in there and all is good for now.

vi /lib/modules
## This is a dummy file located /lib/modules in a LXC


A better solution is to disable the "os_specific" test in /etc/rkhunter.conf
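
A read-only check for the two rkhunter.conf settings discussed in this thread, added here as an example and not posted by any participant: it confirms that ALLOW_SSH_ROOT_USER mirrors PermitRootLogin in sshd_config (rkhunter compares the two, so the value should describe what sshd really allows rather than just silence the warning) and reports whether os_specific is listed in DISABLE_TESTS. The function names and sample file contents are constructed, and "a later line overrides an earlier one" is an assumption about how duplicate keys are read.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample data are constructed.

# Print the last uncommented value of KEY in a KEY=value file (rkhunter.conf style).
# Assumption: when a key appears more than once, the later line wins.
rk_value() {  # usage: rk_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

# Print the first active PermitRootLogin value in an sshd_config file.
# Assumption: no Match block further down overrides it.
sshd_root_login() {  # usage: sshd_root_login FILE
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Succeed only when ALLOW_SSH_ROOT_USER mirrors what sshd is configured to allow.
root_login_consistent() {  # usage: root_login_consistent RKCONF SSHDCONF
    rk=$(rk_value "$1" ALLOW_SSH_ROOT_USER)
    ssh=$(sshd_root_login "$2")
    [ -n "$rk" ] && [ "$rk" = "$ssh" ]
}

# Succeed when os_specific appears in any uncommented DISABLE_TESTS line.
os_specific_disabled() {  # usage: os_specific_disabled RKCONF
    sed -n 's/^[[:space:]]*DISABLE_TESTS[[:space:]]*=//p' "$1" |
        tr '", \t' '\n\n\n\n' | grep -qx 'os_specific'
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample: rkhunter.conf says root login is allowed, sshd says it is not.
    printf '%s\n' '#ALLOW_SSH_ROOT_USER=no' 'ALLOW_SSH_ROOT_USER=yes' \
        'DISABLE_TESTS="suspscan hidden_procs os_specific"' > "$d/rkhunter.conf"
    printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$d/sshd_config"
    if root_login_consistent "$d/rkhunter.conf" "$d/sshd_config"; then
        echo "root login: rkhunter.conf matches sshd_config"
    else
        echo "root login: rkhunter.conf does not match sshd_config"
    fi
    if os_specific_disabled "$d/rkhunter.conf"; then
        echo "os_specific tests are disabled"
    fi
    rm -rf "$d"
}
demo
```

On a real container, point the functions at /etc/rkhunter.conf and /etc/ssh/sshd_config before running rkhunter --propupdate.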